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I. Basis of the report 



1. With regard to the elonents of the international application:* 
the international application as originally filed, 
the description: 

pages 1-10 as originally filed 

pages NONE , filed with the demand 

pages NONE , filed with the letter of 



the claims: 

pages 11>14 i as originally filed 

pages NONE , as amended (together with any statement) under Article 19 

pages NONE . filed with the demand 

pages NONE , filed with the letter of . • 

the drawings: 

pages 1^2 2. originally filed 

pages NONE , filed with the demand 

pages NONE , filed with the letter of . , • 

I I the sequence listing pan of the description: 

pages NONE , as originally filed 

pages NONE , filed with the demand 

pages NONE , filed with the letter of ^• 

2 With regard to the language, all the elements marked above were available or furnished to this Authority in the 
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language which is: 

I I the language of a translation fiimished for the purposes of international search (under Rule23. 1(b)). 
I I the language of publication of the international application (under Rule 48.3(b))- 

|~| the language of the translation fiimished for the purposes of international preliminary examination(under Rules 
55.2 and/or 55.3). 

With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

I I contained in the international application in printed form. 
I I filed together with the international application in computer readable form. 
I I furnished subsequently to this Authority in written form. 
I I furnished subsequently to this Authority in con^uter readable form. 

□ The statement that the subsequentiy fiimished written sequence listing does not go beyond the disclosure in the 
international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence listing 
has been furnished 

The amendments have resulted in the cancellation of 
the description, pages NONE 



^ the claims, Nos. NONE 

the drawings, sheets/fig NONE 



5. □ This report has been established as if (some of) the amendments had not been made, since they have been considered to go 

beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)).** 
* Replacement sheets which have been furnished to the receiving Office in response to aninvitation '^f^''^^^'^^^ "'^J^^^^''' 
this report as -originally filed" and are not annexed to this report since they do not contain amendments (Rules 70.16 and 70.17). 
♦* Aw, replacement sheet containing such amendments must be referred to under item 1 andannexed to this report. 
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^"Reasoned statement unier Rule ^^h r 

Citations andexplanat^^ 



;^to novelty, inventive step or industrial appUcability; 



1. STATEMENT 

Novelty (N) 



Inventive Step (IS) 
Industrial Applicability GA) 



2. CITATIONS AND EXPLANATIONS 
Please See Continuation Sheet 



Claims Q in, 16. and 18-20 . 

Claims T-a I7,21.and^ — 



_YES 
NO 



Claims NONE_ 



Claims 1-22 
Claims 1-22 



YES 
NO 



Claims NONE, 



YES 
NO 
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Vn. Ce rtain defects in the international appUcation 
Uefono^ingdefectsinthefonnorcontemsoftheint^tionalappli^^^^ 

^^''uiS^rtS^dlLlosed invention Should .^fCUimllis 
. Pr^ uuxe 66 2(«)(.ii) as containing the following defect in the fonn or contents thereof. Claun 11 « 

'cia.l3iso.ec.eatoun.erPCri.e66.«aKii0ascont..ng..follow^aefect.*e^^ 
' ^'plurality" in line 1, insert -of-. 
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Vm. Certain observations on the international application 



The following observations on the clarity of the claims, description, and drawings or on the questions whether the claims 
are fully supported by the description, are made: 

Claims M 1 are objected to under PCT Rule 66.2(a)(v) as lacking clarity under PCX Article 6 because claims 1-1 1 are indefinite for 
the following reason: Claim 1 is incomplete for omitting essential stmcttiral cooperative relationships of elements, such omission 
amounting to a gap between the necessary structural connections. The omitted stmcniral cooperative relationships are: die 
workstation coupled via a computer network. 

Claim 10 is objected to under PCT Rule 66.2(a)(v) as lacking clarity under PCT Article 6 because claim 10 is indefinite for die 
following reason: Claim 10 recites the limitation "said event log" in line 1. There is insufficiem antecedent basis for this lunitation 
in the claim. 
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V. 2. Citations and Explanations: ...on vt 

Claims 1-8. 11-14, 17. 21, and 22 lack novelty under PCX Article 33(2) as being anticipated by Ensor et al.. U.S. Patent No. 
5,721,780 A. 

As per claims 1 and 21. Ensor et al. illustrate a method and computer readable medium fior providing security to a computer network 
by monitoring the physical tocation of a network login or login attempt, comprising: 

associating a workstation to a physical location (see column 4, lines 19-25; figure 1. items 110 and 1 12; a terminal device for a home 
subscriber station connected by a telephone jack and line); 

associating a network user to the workstation (see column 3. lines 62-67; a user who has a particular subscriber terminal); 

monitoring a computer network to determine a network login or attempted login of the user (^ column 4. lines ^W'S^: receiving from 
r networic a unijue. network coupling identifier for the particular terminal when the subscriber attempts to gam access to the 

network); 

determininj! a physical location of the login or attempted login (see column 4. lines 51-63; figure 1, item 112 and 122; detemiining the 
Sn of theE^l from the unique.'networic cJupling identifier associated with the dedkated telephone Ime couplmg the tennmal 

to the network); and 

determining whether die user is authorized to access the network fi-om the physical location of die login or attempted login (see 
SZ 5 fi.^ 54-67; colunm 6. lines 1-6; figure 1. items 110. 112. 126, and 114; the transaction ■"^e«^~'"P'»;;^ *f "^^^^ 
encrvDted passwoitl widi the retrieved password where two nonidentical passwords indicate an unaudiorized login attempt arid two 
identical passwoitis indicate successful authentication for the subscriber to access the network at the dedicated telephone line). 

As per claim 2, Ensor et al. then point out: 

determining whether pieventative action is necessaiy (see column 5. lines 58-60; figure 1, item 114; comparing if die newly encrypted 
passwoitl is Klentk»l to the retrieved password), and 

if so (see column 5, lines 60-61: if the two passwords are not identical), automatically initiating preventative action (see column 5, 
lines 60-66; figures 110, 112, and 126; sending an error message to the subscriber that the audienticaaon has felled). 
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As per claim 3, Ensor et al. further describe: 

generating an alert (see column 5, lines 60-66; figures 1 10, 1 12. and 126; sending an error message to the subscriber that the 
authentication has failed). 

As per claim 4, Ensor et al. additionally mention: 

disconnecting the workstation from the network (see column 6, line 1; the modem connection is terminated). 
As per claim S, Ensor et al. then discuss: 

generating a notification message that the user is accessing the computer network from an unauthorized location (see column 5, lines 
60-66; an error message is sent indicating a mismatch between the particular terminal and the dedicated telephone line at an 
unauthorized location for the subscriber). 

As per claim 6, Ensor et al. moreover elaborate: 

storing information regarding the physical location of the login (see column 6. lines 26-42; figure 1 , items 108, 1 12. and 1 10; 
updating the password for the subscriber by encrypting the network coupling identifier with a differem encryption key) and the 
attempted login (see column 5. lines 22-27; creating a subscriber registration account by the newly encrypted password representative 
of the telephone number of the particular terminal) . 

As per claim 7, Ensor et al. next describe: 

storing information regarding the workstation associated with the login (see column 6, lines 26-42; figure 1, item 110. 108. and 112; 
updating the corresponding list of passwords by encrypting die network coupling identifier using a differem encryption key after an 
ii^ial password auLntication for a selected terminal) and attempted login (see column 5, lmes^-27; registermg 
terminal attempting to login by creating a subscriber registration account in the database identified by the newly encrypted password).. 



As per claim 8, Ensor et al. also specify: 

workstation information including the jack or outlet information (see column 6. lines 26-42; figure 1, item 1 10, ^^^I'^^Jl^^i 
updating the corresponding list of passwords by encrypting the network coupling identifier usmg a ^ ifferent encnrpuon key after an 
S passwo^ auLmication for a selected terminal; see column 4. lines 51-63; figure 1. item 112 and 122; where the unique, 
network coupling identifier is associated with the dedicated telephone line coupling the terminal to the network). 

As per claim 11, Ensor et al. then point out: 

associating a network user to the workstation (see colunm 3. lines 62-67; a user who has a particular subscriber terminal). 

As per claim 12. Ensor et al. illustrate a meUiod for providing security to a computer network by monitoring the network login or 
login anempt from a particular workstation, comprising: 

associating a workstation to a physical location (see column 4. lines 19-25; figure 1, items 110 and 112; a terminal device for a home 
subscriber station connected by a telephone jack and line); 

associating a network user to die workstation (see column 3. lines 62-67; a user who has a particular subscriber terminal); 

monitoring a computer network to determine a network login or attempted login of die user (see column 4. lines 40-59; receiving from 
die network a unique, networic coupling identifier for the panicular terminal when die subscriber attempts to gam access to die 
network); 
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dedicated telephone line). 

M p., ...n. „. B.^. » ... ™— . • 

comprising; i oi f 1 

in me se'rvice bur;*- internal database for a subscriber); , - 112 and 

one or .ore prcK^ssors for «ceivi^g iogin aTi^^riSd-e^iSSSph^^^^ 
122; receiving *e unique, network coujrfmg '«»f " j^^^^*; J,^^^^^ in a predetermined location in the 
networlc and; see column 5. lines 3-21: figure 1, "l"",^^** *^ ^ff^^^^^ rtie user or the workstation is authorized to logm to 

from the terminal at the dedicated telephoi* line). 
As oer claim 14. Ensor et al. fiirtfier describe: 
subscriber ttiat the authentication has felled). 

1 As oer claim 17, Ensor etal. moreover point out: 

.,.„,„ 5 lines 50-54- figure 3, step 330: instructing the networic to termmate the 
that the alert comprises a termination signal (see column 5. hnM 50 54. tipire 3. cp 

SS^ SSi^rn to discom^ct the subscriber fh.m the n^^^^ 
Mperc.aim22,E„soreta..depictanetworks.uritys>.s«^^^^ 

line into a telephone network), comprismg: 

line inio a ic H ^ ^ and 100; figure 2, 

call to the service bureau); and • 110 1 12 and 



lU^in VaCT> WW WW 
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newly encrypted password widi the retrieved password where two nonidentical passwords indicate an unauthorized login attempt and 
two identical passwords indicate successful audientication for the subscriber to access the network at the dedicated telephone line). 

Claims 8-10 lack an inventive step under PCX Article 33(3) as being obvious over the Ensor et al.. U.S. Patent No. 5.721.780 A as 
applied to claim 1 and ftirtfier in view of Kondo et al. . U.S. Patent No. 5,684.957 A. 

As per claim 8 Ensor et al. specify workstation information including the jack or ouUet information (see column 6, lines 26-42; figure 
1 item 1 10 108 and 1 12; updating the corresponding list of passwords by encrypting die network coupling identifier using a 
different encryption key after an initial password authentication for a selected terminal; see column 4, lines 51-63; figure 1. itein 112 
and 122 where the unique, network coupling identifier is associated widi the dedicated telephone line coupling the tennmal to the 
network) However, diey do not describe the other details. Kondo et al. point out the date and time of each succ«sfiil logm (see 
column 17 lines 36-45; figure 14. items 1403; login times), domain address (see column 17. Imes 36-45; figure 14. items 1401; 
names of virtual terminals; see column 17, lines 48-55; figure 15, item 1502; employed for login procedures), and mformanon 
Sing which network resources were accessed (see column 19, lines 1^; figure 19; accesses history uiformation mduding names 
of filK access users, access process, and data and time of access). Therefore, it would have been obvious to one of ordinary skill m 
S^e computer art at die time the invention was made to combine die mediod of Ensor et al. wid. the date and tmie of each successful 
Lin domain address, and information regarding which network resources were accessed of Kondo et al. to provide a network 
manakemem system die capability of early detection of an unaudiorized entry from outside and unaudionzed u^ from inside by 
MWng AeTuitus of aLesses to a network device by leaving a recori of accesses (see column 4. Imes 60-67 and column 5. Imes 
1-4). 

As per claim 9. Ensor et al. teach die metfiod of clahn 1. However, they do not explicidy show an event log Kondo et "l- describe 
ii e^ent log (s;e column 17. lines 3648; figure 14; a login records Ubie). TTierefore. it would have been obvious to of ordii^ry 
^iuTn Aelomputer art at die time die invention was made to combine die meUiod of Ensor et al. wuh die evem log of Kondo et al 
o provide a 3oA management system die capabUity of early detection of an unaudiori2«l entry from outs.de a«l ";«»*o^ use 
froTlmide by determining die status of accesses to a network device by leaving a record of accesses (see column 4. Imes 60-67 and 
column 5, lines 1-4). 



As per claim 10, Kondo et al. further elaborate: 

.h„ the event log comprises information regarding die physical location of die login or attanpted login (see column 17 . lines 36-41 ; 
Su^ 14 Uem f4^rS^i oS^ termiLls; si coUn 12; lines 50-59; where die physi«l position of diej«med logui termmal is 
SJd in a map database) and irformation regarding die user (see colmnn 17. lines 36^1 : figure 14. item 1400; names of logm 
S Therefore it would have been obvious to one of ordinary skill in die computer art at dte time die mventwii was n«de » 
Sine the mS oTEnsor et al. widi die evem log of Kondo et al. to provide a network manag«nent system die capabU.ty of «rly 
S^teSn of aTunSt^orized entry fi-om outside and unaudiorized use from inside by detennining dte stanis of accesses to a network 
device by leaving a record of accesses (see column 4. lines 60-67 and column 5. Imes 1-4). 

Claims 15-16 lack an invemive step under PCT Article 33(3) as being obvious over die Ensor et al.. U.S. Pattm No. 5.721.780 A as 
applied to claim 14 and ftirdier in view of Day, U.S. Patent No. 6,311,274 Bl. 

As per claim 15 Ensor et al. describe die system of claim 14. However, diey do not explicidy teach an email notification. Day 
mus^.^ It » aim ii^ludes an emaU notification (see column 2. lines 65-67 and column 3. mes 1-20; sendmg an e-mail mes«ge 
wte^ralm ^.^ tfon is met). TTierefore. it would have been obvious to one of ordinary skill m die computer art at die tune die 
tov^ntfon w^ S to combine die system of Ensor et al. wid. die email notification of Day to prevent an miaudiorized party 
^^ll^g ZTjly audwrized Z send alerts and prevem unaudiorized disclosure or modification of mformation contamed m die 
alert (see column 1. lines 52-60). 

As per claim 16, Day further describes: 

dBt die alert comprises a pager notification (see colmmi 5. lines 32-37; an alert action comprising sending a message to a pager^ 
Therefore it woTd have befn obvious to one of onlinary skill in die computer art at die tmie die mvenuon was made to combine die 
^Srm^ E^r et aL wi A die pager notificatfon of Day to send die alert to a person as a recipient of die alert meant to receive such 

information (see column 5, lines 42-45). 
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Claims 18-20 lack an inventive step under PCT Article 33(3) as being obvious over the Ensor et al., U.S. Patent No. 5,721 ,780 A as 
applied to claim 14 and fiirther in view of Kondo et al., U.S. Patent No. 5,684,957 A. 



As per claim 18. Ensor et al. teach the system of claim 14. However, they do not expliciUy show an event log. Kondo et al. describe 
an event log (see column 17, lines 36-48; figure 14; a login records table). TTierefore, it would have been obvious to one of ordinary 
skill in the computer art at the time the invention was made to combine the system of Ensor et al. with die event log of Kondo et al. to 
provide a network management system the capability of early detection of an unauthorized entry from outside and unauthorized use 
from inside by determining the status of accesses to a network device by leaving a record of accesses (see column 4. Imes 60-67 and 
column 5, lines 1-4). 



As per claim 19, Kondo et al. then discuss: 

that the event log comprises a time of the access (see column 17, lines 36-45; figure 14, items 1403 and 1404; login times and logout 
times) Therefore it would have been obvious to one of ordinary skill in the computer art at the time the mvention was made to 
combine the system of Ensor et al. with the event log of Kondo et al. to provide a network managemem system the capability of early 
detection of an unauthorized entry from outside and unauthorized use from inside by determining the status of accesses to a network 
device by leaving a record of accesses (see column 4, lines 60-67 and column 5. lines 1-4). 



As per claim 20, Kondo et al. ftirther elaborate: 

that the event log comprises information regarding the physical location of the login or attempted login (see column 17 lines 36^1 ; 
fieure 14 item 1402; names of login terminals; see column 12; lines 50-59; where die physical position of the named login termmal is 
Sned In a map database) and irformation regarding the user (see column 17, lines 36^1; figure 14 item 1400; names of logm 
users) Therefore, it would have been obvious to one of ordinary skill in the computer art at the time the mvention was made to 
combine the system of Ensor et al. with the event log of Kondo et al. to provide a network management system the capability of early 
detection of an unaudiorized entry from outside and unaudiorized use from insWe by determining the status of accesses to a network 
device by leaving a record of accesses (see column 4, lines 60-67 and column 5, Imes 1-4). 

Claims 1-22 meet the criteria set out in PCT Article 33(4). and thus have industrial applicability b«:ause the subj«:t matter claimed 
can be made or used in industry to prevem unlawful or unauthorized activities by an otherwise authorized network user (see 
description, page 2, .11 [005H006)). 



NEW CITATIONS 

NONE 
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